Product FAQs

What is Net/FSE?

Net/FSE is a Linux-based, efficient network data collection tool and search engine software. Net/FSE allows security analysts to collect all of the enterprise's IP-based network data into one, low-overhead repository and then perform rapid searches over terabytes of network data, particularly NetFlow, for IT security investigations. The software can be quickly deployed on standard commodity servers.

Why do I need Net/FSE?

Network security analysts must respond to network security alerts quickly and reduce the amount of time spent on unnecessary forensics investigations. At the same time, security analysts are bombarded with alerts from tools such as IDS, IPS, firewalls, SIMs, etc. These tools provide minimal context outside the scope of the alert. To evaluate the potential impact of an alert and to quickly eliminate unnecessary investigations, you have to put context around that alert. To do so, security analysts need to rapidly answer critical questions such as:

  • What other hosts are associated with this alert?
  • How many hosts are involved?
  • How long has this activity been going on?
  • Where did the activity originate?
  • Is the activity still ongoing?

Net/FSE lets security analysts quickly and definitively answer these questions.

How do I get Net/FSE?

Net/FSE can be downloaded here for free. The free version is fully functional and will collect up to 1 million events per day. Net/FSE can be purchased at a variety of affordable price points that will meet the needs of any enterprise network. We also offer professional services to assist you in installing, configuring and using Net/FSE to enhance your network visibility.

Can I test drive Net/FSE before downloading it?

Yes. We recommend you watch our brief online demo, then you can use the online Net/FSE test drive.

What do I need to run Net/FSE?

Net/FSE runs on commodity servers. The Installation Guide provides minimum and preferred system requirements. You will also need network event information. Net/FSE functions as a NetFlow collector and syslog server. At least some data must be sent to Net/FSE. The Administrators Guide in the download package describes how event type data sources are configured. Because Net/FSE employs a dynamic, browser-based user interface (IE, Firefox, Safari), no client application is necessary.

Does Net/FSE alert me when an event has occurred?

No. Net/FSE is the workflow tool you go to once you have received an alert from one of the alerting and correlation devices on your network, such as your Intrusion Protection System (IPS), firewall or Security Information Management System (SIM). Net/FSE allows you, as a security analyst, to dig deep into alerts that come from the devices on your network, your users or entities outside your network.

Where is Net/FSE deployed on my network?

Net/FSE is installed and configured on standard commodity servers and then placed in the IT server farm where it can be accessed through a secure web interface throughout the enterprise.

How does Net/FSE collect data?

Net/FSE functions as both a NetFlow collector and a syslog server, allowing enterprises to easily integrate data sources into Net/FSE for enhanced network visibility. In cases where NetFlow collection and syslog are not appropriate, Packet Analytics developers can design custom agents to stream data to the server or provide search capabilities over existing log repositories. This is ideal in cases where an enterprise already has a robust centralized logging infrastructure and simply wants search capabilities over that dataset. To request a custom event type, please send an email to support@packetanalytics.com.

How much network data can Net/FSE store?

Net/FSE is designed from the ground up to scale to multi-terabyte datasets with hundreds of billions of records. Data storage in Net/FSE is limited only by the amount of storage made available to the server. A SAN system or attached RAID can provide Net/FSE with years of storage capacity. Smaller enterprise networks will find that 1TB of disk will provide 1-2 years of storage.

What OSes does Net/FSE run on?

Net/FSE is officially supported on a variety of mainstream Linux distributions. You can see the list at the following location. Net/FSE is developed on Mac OS X and also works on OS X. Email support@packetanalytics.com if you would like to see additional OS support. See the installation guide for more information on supported OSes.

Are you planning a Windows version?

We do not currently have plans for a Windows version, although we will develop one if there is demand. Email support@packetanalytics.com if you are interested in a Windows version.